Description
A vulnerability in which sensitive information is written to a log file was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
An information disclosure vulnerability was found in jaegertracing/jaeger. When the Kafka data store is used, this flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
Statement
While OpenShift ServiceMesh Jaeger does package the affected code (Kafka), the only supported data store is ElasticSearch. The documentation and notes also list only ElasticSearch as supported, so OpenShift ServiceMesh is marked as affected but WONTFIX.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | jaeger | Will not fix | | |
| Jaeger-1.17 | distributed-tracing/jaeger-all-in-one-rhel7 | Fixed | RHSA-2020:2636 | 19.06.2020 |
| Jaeger-1.17 | distributed-tracing/jaeger-collector-rhel7 | Fixed | RHSA-2020:2636 | 19.06.2020 |
| Jaeger-1.17 | distributed-tracing/jaeger-ingester-rhel7 | Fixed | RHSA-2020:2636 | 19.06.2020 |
Additional information
Status:
EPSS
CVSS3: 7.1 High